|
210061
|
7.5 |
HIGH
Network
|
redhat
|
jboss_fuse
wildfly
|
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a …
|
NVD-CWE-Other
|
CVE-2020-10718
|
2024-11-21 13:55 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210062
|
6.1 |
MEDIUM
Network
|
redhat
|
keycloak
single_sign-on
|
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or furt…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10748
|
2024-11-21 13:55 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210063
|
4.3 |
MEDIUM
Network
|
redhat
|
openshift
|
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the…
|
CWE-20
Improper Input Validation
|
CVE-2020-10715
|
2024-11-21 13:55 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210064
|
7.3 |
HIGH
Local
|
postgresql
|
postgresql
|
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working…
|
CWE-426
Untrusted Search Path
|
CVE-2020-10733
|
2024-11-21 13:55 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210065
|
8.8 |
HIGH
Network
|
vtenext
|
vtenext
|
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
|
CWE-352
Origin Validation Error
|
CVE-2020-10229
|
2024-11-21 13:55 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210066
|
8.8 |
HIGH
Network
|
vtenext
|
vtenext
|
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10228
|
2024-11-21 13:55 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210067
|
6.1 |
MEDIUM
Network
|
vtenext
|
vtenext
|
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10227
|
2024-11-21 13:55 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210068
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.
|
CWE-416
Use After Free
|
CVE-2020-10720
|
2024-11-21 13:55 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210069
|
8.8 |
HIGH
Network
|
github
|
github
|
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers use…
|
NVD-CWE-noinfo
|
CVE-2020-10518
|
2024-11-21 13:55 |
2020-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210070
|
4.3 |
MEDIUM
Network
|
github
|
github
|
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given …
|
NVD-CWE-noinfo
|
CVE-2020-10517
|
2024-11-21 13:55 |
2020-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
